366 Okta customers bear the brunt of LAPSUS$ cyber attack

At least 366 Okta customers have been victims of the cyber attack by the hacker group LAPSUS$. That is not the final tally: the investigation into the hack is still ongoing, and the number of victims may continue to rise.

Todd McKinnon, Okta’s CEO, confirmed this to Bloomberg.

LAPSUS$ attacks Okta through partner

LAPSUS$, also known as DEV-0537, is an international hacker group that has claimed numerous victims in recent months. NVIDIA, Samsung, and Microsoft, among others, have been targets of the hacker collective. In all, the hackers allegedly stole hundreds of gigabytes of confidential data. In the case of Microsoft, the attackers allegedly stole parts of the source code of the search engine Bing, the speech assistant Cortana, and the navigation program Bing Maps.

Another major company to bear the brunt of LAPSUS$ was Okta. Okta provides authentication software to more than 15,000 customers worldwide, including Amazon and Apple. The hackers first penetrated the network of Sitel, a customer service company that works for Okta, on January 21. From there they managed to access Okta’s network.

At least 366 victims, possibly more

Okta waited until March 22 to disclose the hack after LAPSUS$ members shared screenshots and images of Okta’s internal work environment via Telegram. CEO Todd McKinnon told Bloomberg on Monday that the delay is “unacceptable”. “Communication was not as clear as it should have been,” the CEO added.

McKinnon says he had no idea of the impact of the attack in January. Only on March 22 did he learn what the hackers had done. The company immediately started informing customers. The technical impact for customers was “close to zero”, according to the CEO. The partnership with Intel has been terminated. Victims will receive a detailed report once the investigation into the attack is completed, McKinnon promises.

When asked how many customers were affected by the attack, McKinnon said at least 366 customers were involved. This number is not yet final, he emphasizes: the investigation into the attack is still ongoing, and the number of victims may be higher.

Hackers didn’t use a spreadsheet with passwords or ransomware

To gain access to Okta’s internal work environment, LAPSUS$ allegedly used a spreadsheet of passwords from Sitel. The hackers reportedly found a document called “DomAdmins-LastPass.xlsx” on the customer service company’s servers. According to the US tech site, this was an export from the LastPass vault of a Sitel employee. In a response, Sitel said that none of this account is correct.

“This ‘spreadsheet’ mentioned in recent news articles contained only a list of Sykes past account names, but no passwords. The only reference to passwords in the spreadsheet was the date passwords were changed for each account listed; no passwords were included in this spreadsheet. Such information is inaccurate, misleading, and did not contribute to the incident,” Sitel said.

Microsoft investigated the attack and emphasized that LAPSUS$ did not use ransomware to penetrate Sitel’s corporate network. Instead, the hackers broke into the company’s computer systems using stolen credentials and session tokens.

The affected systems are typically reached through a Virtual Private Network (VPN), Remote Desktop Protocol (RDP), or Virtual Desktop Infrastructure (VDI) from providers such as Citrix and Azure Active Directory. In some cases, the perpetrators took over an employee’s phone number in order to circumvent two-factor authentication.
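The last sentence above is the defender’s takeaway: a second factor delivered over the phone network (SMS or voice call) is only as strong as the carrier’s account controls. The following audit script is an added example, not code from the article or from Okta; it takes a constructed export of users and their enrolled factors (the factor names are generic placeholders, not Okta’s own enum values) and flags accounts that either have no second factor or rely solely on phone-bound factors, so they can be moved to an app- or key-based factor.

```python
"""Flag accounts whose second factor could be defeated by a phone-number takeover.

Added example for this article; the factor names and the sample export below
are constructed placeholders, not Okta's API or data.
"""
from collections import defaultdict

# Factors delivered over the phone network: vulnerable if the number is taken over.
PHONE_BOUND = {"sms", "voice_call"}
# Factors bound to a device or hardware key rather than to a phone number.
STRONG = {"totp_app", "push_app", "webauthn"}


def classify(factors):
    """Return a risk bucket for one account's list of enrolled factors."""
    if not factors:
        return "no_mfa"            # password only
    if any(f not in PHONE_BOUND | STRONG for f in factors):
        return "review"            # unrecognised factor type: check by hand
    if all(f in PHONE_BOUND for f in factors):
        return "phone_only"        # every factor depends on the phone number
    return "ok"                    # at least one device- or key-bound factor


def audit(enrollments):
    """Group user names by risk bucket, each list sorted for stable output."""
    report = defaultdict(list)
    for entry in enrollments:
        report[classify(entry["factors"])].append(entry["user"])
    return {bucket: sorted(users) for bucket, users in report.items()}


# Constructed sample export (hypothetical users and factors).
SAMPLE = [
    {"user": "alice", "factors": ["totp_app"]},
    {"user": "bob", "factors": ["sms"]},
    {"user": "carol", "factors": []},
    {"user": "dave", "factors": ["sms", "webauthn"]},
    {"user": "erin", "factors": ["voice_call", "sms"]},
    {"user": "frank", "factors": ["smart_card"]},
]

if __name__ == "__main__":
    for bucket, users in sorted(audit(SAMPLE).items()):
        print(f"{bucket:11s} {', '.join(users)}")
```

Accounts in the `phone_only` and `no_mfa` buckets are the ones an attacker with control of a victim’s phone number could log into with just a password; note that none of this helps against a stolen session token, which bypasses the login step entirely and is a separate control (session lifetime, re-authentication for sensitive actions).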

British police arrest several teenagers

In late March, British police arrested seven youths who may have had links to LAPSUS$. One of them is a sixteen-year-old boy who is said to be the mastermind behind the hacking attacks. Two of the arrested youths had to answer for their actions in a London court last week. According to the latest reports, the two are still in custody.
